System and method for virtual team collaboration in a secure environment

ABSTRACT

A computing platform for facilitating dynamic connection and collaboration of service providers and service requesters to transact services in a secure computing environment. The environment includes data content comprising emails, messages, biographical information and human resources related data associated with the users. The platform includes a connection module for connecting users to form groups, and a collaboration module for creating a virtual secure data room for collaboration and sharing of encrypted data by the connected users in a user-friendly and transparent manner. The platform further comprises an indexing and parsing module for identifying keywords and topics in the data content associated with the users and a matching module for matching project requirements of service requesters to profiles of the service requesters, the profiles including the parsed data content of the users.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority to an earlier filed U.S. Provisional Patent Application No. 61/257,307, filed on Nov. 2, 2009, and U.S. patent application Ser. No. 12/938,355, filed on Nov. 2, 2010.

BACKGROUND OF THE INVENTION

1. Technical Field

The present invention relates to a method and system for the delivery and provision of professional services using an internet-based platform capable of sharing resources.

2. Background

The traditional market for professional services is highly fragmented and inefficient due to the varying and diverse expertise of the professionals and the industries they serve. Take, for example, the legal industry. Lawyers are licensed in disparate jurisdictions and specialized in distinct fields. They have different levels of experience and operate at varying levels of competence. While large law firms are able to bring together various niche services providers to aggregate supply, they make up for only a fraction of the legal community and contribute to its rigid and hierarchical “old-school” nature.

Presently, the supply-side architecture of the legal services industry lags other industries. Lawyers use software applications for their billing, office and case management. However, the legal profession has not yet adopted the now available web-based technology to provide legal services to their clients. They also don't typically collaborate online with other lawyers throughout the entire deal process (from sourcing to final payment). While there are online databases such as Martindale-Hubbell, these services do not allow for meaningful interaction, collaboration or transactions (i.e. the full legal experience). The problem is that they more closely resemble an online phonebook than an interactive exchange where legal service providers and service requesters or consumers conduct business.

According to Thomson Research, consumers demand greater efficiency and transparency of online legal services. Consumers are frustrated with navigating an ever-increasing volume of legal information online as they are untrained or inexperienced in digesting this over-saturation of seemingly unrelated and fragmented data. Thomson Research also suggests that evaluating the credibility of legal information and legal professionals is equally difficult. The problem is that while consumers are being serviced in other industries via the Internet, the legal profession has lagged further behind.

An inefficient marketplace is typically manifested by a large variation in prices for a given quality of service. In the present system, a great majority of legal service providers charge their clients based on billing rates. They bill varying hours for the same product, with larger firms commanding the highest rates. Thus, for the same quality of legal service, the price of the work product can vary greatly.

For many lawyers, large percentages of revenue often lie within few customers. Loss of one major client can have significant repercussions. This is particularly evident for the thousands of long-tail/mid-tail providers, who have limited relationships and compete against larger counterparts with global reach. As a result, smaller firms and lawyers often lose new business because they can only service 60-80% of a client's needs. While these lawyers are more likely to adopt new technology, there have been no complete solutions to date for on-demand collaborations with the clients and other out-of-network legal professionals including assistants, paralegals, and consultants, in a virtual or online environment. Moreover, there is a perceived drawback of online systems that one must contend with a reduced level of confidentiality, security and control. For litigators, there is the worry that it could mean a loss of attorney-client privilege.

Accordingly, there is a need for a secure platform that facilitates the formation and management of client and professional teams possessing the requisite talents for specific projects and the efficient collaboration of team members in a virtual or online workroom.

SUMMARY OF INVENTION

An object of the present invention is to provide a method and system for harnessing the network effect of professionals in a virtual or online space even though such professionals may be physically located in disparate and far-flung geographical regions.

Another object is to provide an intuitive, simple-to-use user interface for requesters or consumers of professional services to access and seek optimal price and performance from such networks of professionals.

Still another object is to provide a secure online portal or on-premise system to facilitate the connection and collaboration of professionals through a wide area network such as a packet switched network such that professionals having different skill sets and located in different geographical regions will be able to share knowledge and skills and to network and collaborate with each other on complex projects in an efficient and cost effective manner.

Yet another object is to provide a secure workroom to enable collaboration among authorized professionals of a team to selectively share encrypted documents in a confidential yet user-friendly manner.

According to the present invention, a system comprising a server or group of servers is configured to enable and to facilitate the dynamic or on-demand connection of computing devices to form one or more closed networks or teams of professionals for the purpose of collaborating on a project-by-project basis or on a fixed term relationship.

In a presently preferred embodiment, the inventive platform is configured on servers and storage devices provided by large scale networked data centers accessible through broadband networks. The servers include a database server, an application server, a web server, and a media server. The database server includes data relating to the identity of individual profiles of professionals and a plurality of networks of access devices, a secure data room accessible only by authorized access devices for sharing data and files among the networked professionals. The profiles may include data content such as biographical information, human resources data, social network profile information (e.g., LinkedIn), credentials, publications, memos, and messages (e.g., emails). The web server also includes an input module for collecting requests for services including budget and pricing information for a project, presenting such requests to the access devices of the professionals, and displaying bids from the service providers to the requesters. A transaction module is also provided for credit management including managing payments corresponding to specific milestones agreed to by the parties for a project. A request filter parses the service requests and derives indicia of professional services in terms of the relevant expertise, which indicia will be used for searching or matching with relevant service providers. A matching module matches the service requesters to the service providers on the platform.

The various features of novelty which characterize the invention are pointed out with particularity in the claims annexed to and forming a part of the disclosure. For a better understanding of the invention, its operating advantages, and specific objects attained by its use, reference should be had to the drawings and descriptive matter in which there are illustrated and described preferred embodiments of the invention.

Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims. It should be further understood that the drawings are not necessarily drawn to scale and that, unless otherwise indicated, they are merely intended to conceptually illustrate the structures and procedures described herein.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, wherein like reference characters denote similar elements:

FIG. 1 is a diagram of an embodiment of the inventive system facilitating the connection, collaboration and transaction between client and professional teams of the present invention;

FIG. 2 is a portion of a relational database representing the relational tables of a User, the User's files, users with shared access to the User's files, and the User's messages with other users;

FIG. 3 diagrammatically illustrates the interplay of the file storage, the encoder/decoder and web application/server to enable sharing of encrypted files between users;

FIG. 4 describes the steps of sharing encrypted files in a manner transparent to the users;

FIG. 5 is a flow chart illustrating the steps of communicating encrypted messages between users; and

FIG. 6 diagrammatically depicts another embodiment of the inventive system facilitating connection, collaboration and transaction among client and professional teams in an enterprise environment.

DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EMBODIMENTS

Preferably, the inventive system is implemented on a cloud-computing services platform (the “cloud platform”) that may be configured as a “public” cloud or a “private” cloud such as that offered by Amazon Web Services and which is accessible by users around the globe via a packet-switched network such as the Internet. The cloud platform provides the inventive system with operational, fault-tolerant and service-specific security processes as well as redundancies by using highly scalable servers (i.e. ability to add servers on demand) in diverse geographical locations. It also provides a virtualized computing application layer for implementing a variety of software services for the inventive system such as those disclosed herein. Since confidential documents and messages are shared among them and payments are transacted among the service providers and requesters, security and reliability of the system are of paramount concerns to the users of this system.

The system is preferably built pursuant to applicable ISO 9000 standards and is configured to utilize security features of a cloud computing platform for certification and accreditation pursuant to SAS70 Type II or equivalent. Unlike popular online social networks, such security features are necessary for the provision of professional services and will be demanded by both the providers and clients.

Optionally, the system may be deployed on servers operated and controlled by an enterprise (e.g., virtual private cloud or on-premise system) such that users may benefit from the system's various inventive features while maintaining the enterprise's confidential data secured behind its own network firewalls.

In a presently preferred embodiment, the inventive system includes a database server, an application server, a web server, and a media server. Each of these servers is configured to include one or more computer processors and associated memory devices (e.g., Random Access Memories, hard drives or their equivalents, etc.). The database server includes data relating to the identity of individual profiles of professionals and a plurality of networks of access devices, a secure data room accessible only by authorized access devices for sharing data and files among the networked professionals. The web server also includes an input module for collecting requests for services including budget and pricing information for a project, presenting such requests to the access devices of the professionals, and displaying bids from the service providers to the requesters. A transaction module is also provided for credit management including managing payments corresponding to specific project milestones agreed to by the parties. A request filter parses the service requests and derives indicia of professional services in terms of the relevant expertise, which indicia will be used for searching or matching with relevant service providers. A matching module matches the service requesters to the service providers on the platform based on project descriptions or requirements and the profile information of the service providers. In brief, the system facilitates the connection and collaboration of providers to transact services with clients. The collaborative system provides three primary functionalities to the users: (1) ability to selectively connect or network with other users (e.g., members of their teams and select service providers) in the system, (2) ability to collaborate with authorized users in a secure data or work room, and (3) ability for service requesters to manage agreed milestones and/or to transact payments corresponding to the agreed project milestones.

Users may be requesters for professional services such as legal services; the users may also be service providers such as attorneys or accountants. Each user registers or otherwise provides identification or profile information that may be used for authentication, networking, and matching purposes. An administrator of the system may also pre-register or pre-authorize certain users to use the system. In the case of a corporate user, the user's profile information preferably includes the name of the company, name of contact, place of organization, year started, address, annual revenue of the company, and corporate title and function of the corporate user. For service providers such as attorneys, the information will include their name, address, jurisdictions in which they are licensed to practice their professions, academic and other credentials, professional experience, and practice profile, etc., which will be useful for the matching module to match them to the service requesters or for a connection module to facilitate the connections among the users. The users may also be assistants or paralegals of the attorneys or the service requesters. In a presently preferred embodiment, the matching module includes a search engine for matching service providers to service requesters based on profile information of the service providers and project requirements of the service requesters.

There is shown in FIG. 1 a presently preferred embodiment of the virtual collaborative system 10 constructed in accordance with the present invention. The system comprises an Interface 12 for interaction among service requesters (e.g., clients) and service providers (e.g. professionals), who may be collectively referred herein as “users”, which includes a Registration Module 14, a Connection Module 16, a Matching Module 18, a Collaboration Module 20 and a Transaction Module 22. Users may access the system via any access devices with appropriate software applications to communicate with the servers on the cloud platform. Such access devices may include PCs, Macs, smart phones, or other client devices. A user registers with the system through the Registration Module 14 and his profile and contact information is stored in a searchable database. Once registered, the users may search and connect with each other, thereby forming groups of users with shared interests or goals. These connected users may share a common message board to communicate with each other. They may also set up a virtual secure data room from which they can upload and download files for collaboration. The service requesters or clients may also connect with their own employees/agents and share their data room. In one scenario, the clients may invite service providers to collaborate on a previously established project through their virtual data room, and which will eliminate the need for sending files to each other via email servers that could block or misidentify emails as spam emails and never deliver the legitimate emails to the intended recipients. Worse yet, the emails which are typically transmitted in unencrypted form may be intercepted by third parties. As shown in FIG. 1, the secure data rooms form the basis for collaboration for each virtual team. Online collaboration applications (similar to Google Docs) may be provided to the users for greater productivity efficiency. The teams may be formed or dissolved on demand depending on the projects shared by the team members; the data rooms may likewise be formed or disassembled on demand.

The service requesters may submit a project to the Interface 12 for bidding by the various virtual teams on the platform. Recognizing the requesters lack the requisite sophistication to seek the most qualified providers, the matching module 18 matches the project requirements to relevant service providers and ranks them in accordance with the project parameters and the providers' profiles. Specifically, the matching module 18 analyzes the project description by way of keywords used by the requester and associated metadata and searches through the profiles of the providers to determine the number of keywords or metadata matched and derive a relevance ranking. The matching module 18 may also make use of a request input filter which parses the written project description from the client and extracts important parameters for processing by the matching module 18. The more keywords, metadata and project parameters are matched, the more relevant the provider is to the project. Once the providers are identified, the system forwards the project to the identified providers via a previously specified communication method (e.g., email or SMS or posting via the platform to the identified providers) and requests them to respond to the request for bids within a specified time period.

To facilitate on-demand collaboration among the providers, the transaction module provides revenue splitting based on previously agreed percentages. Thus, prior to submitting a bid, the providers may agree to a certain revenue split among them and which percentages are entered into the Transaction module 22 such that when payments are released for a completed milestone, the transaction module automatically divides and distributes the payments to the team members.

To further enhance collaboration among the users, the system may issue virtual currency to the users, which may be used for trading by the users in order to obtain certain privileges or rights. This concept is akin to the airlines' frequent mileage programs. Accordingly, providers will accumulate increased amount of virtual currency the more they use the services provided by the platform. Virtual currency can be used by users to barter and negotiate with other registered users. Virtual currency may also allow the users to, for example, trade or purchase leads from other users in an open market place on the platform. In the case of lawyers, the virtual currency could also allow them to obtain sample legal papers (e.g., motion papers and form contracts), and negotiate various deals as a part of a virtual team/firm. The platform will allow for virtual currency to evolve and increase in value. In a preferred embodiment, the virtual currency is in the form of points provided to registered users of the platform. These points may be used for bidding on proposed projects by the service providers. Additional points may be purchased at a predetermined price.

The modules are further described in more detail as follows.

Registration Module

The Registration Module 14 is configured to collect user contact information and profile description which may be made searchable by other users. For example, the profile description may include keywords and meta-tags associated with the particular user and which are stored in a searchable database. The Registration Module 14 may also collect photos, credentials, and documents for enhancing the credibility of the professional service provider. This module may also include an algorithm for authenticating the users. For service providers who are lawyers, and who received license registration numbers from their respective jurisdictions, they will be required to submit such registration numbers. Upon receipt of a registration number from a user, the module performs verification with an internal or external database containing bar registration numbers of lawyers in the various jurisdictions.

An exemplary registration form may include the following fields: Email address; Password; Name of User; Screen Name (to be selected by user)—minimum number of characters; Name of Company or Firm (if applicable); Full Postal Address; Wireline phone number; Mobile phone number; Fax number; Email address; Website address; Profile or Bio (note that this field is searchable by other users depending on privacy settings.); and Keywords, metadata, and meta-tags for facilitating searching by or for connection with other users and for matching with projects proposed for bidding by clients. The metadata or keywords may include words typically used in such legal fields, for example, as real estate, intellectual property, securities laws, litigation, corporate governance, international tribunals, cross-border transaction, and commercial law, etc.

A database schema is configured to categorize the professional interests of the providers and their experience and skill levels for efficient indexing by the system. Such data will be used for searching by clients and other users, and will facilitate project team formation among the users, especially when a project is submitted by a client for bids for a defined period of time, and the necessary talents must be located quickly to prepare a responsive bid. The database architecture will be later described in connection with FIG. 2.

Optionally, an administrator of the inventive system may register new users without requiring initial input from the new users. For example, the administrator may register the new users by uploading and parsing a user list containing relevant user information and storing it in a user database accessible and searchable by other users. The administrator may also register a new user manually. In another example, the administrator may parse Human Resources data 30 containing personnel information of the enterprise and index relevant user profile information for the purpose of matching and collaboration in accordance with the inventive system. This would facilitate more accurate matching of the users to project requirements because of the use of a larger set of user profile data. Additionally, the administrator may use this Human Resources data to pre-register the users and set up their initial profile information and pre-connect them on the platform so that they may begin sharing information and collaborating on projects without initially requiring each new user to register and invite and connect with each other. Confirmation of registration by the new users may be achieved by the new users accepting the sharing of information with other registered users or by participating on a new project, or subsequently changing their pre-assigned passwords after logging into the inventive system.

Connection Module

Advantageously, the Connection Module 16 provides the users the ability to invite and dynamically network with each other and form increasingly diverse project teams to collaborate on ever more complex projects. Initially, the users may invite other registered users so as to form a distinct network or groups whose members share common interests or goals. The system tracks the relationships of the various users through a user database. The users form project teams by inviting members of their existing networks or invite others outside their networks based on the needs of the project at hand. Each user's login page will show his connections, project teams, data room(s) (where documents are stored and displayed), and status of his projects.

The Connection Module 16 may include the following features:

-   Upload profile content—Registered users would be able to upload additional content to their respective profiles including photos, document, credentials, etc., up to a predetermined storage size.
-   Edit & Manage profile—Once user has created his/her profile then user can also manage his profile. He would be able to make changes from time to time. Here users would also be able to select visibility or privacy option for their profiles so that a portion of his profile would be visible to all users on the platform, and another portion of his profile will only be visible to authorized users.
-   See others' profiles—Users would be able to see other users' profiles, the visibility of other users profile would depend on the privacy option selected by the respective users.
-   Search users—This feature will help user search each other using different criteria as described herein.
-   Add/remove “Connections”—Users would be able to add or remove other users in their profile, thereby enabling users to customize their networks on the platform.
-   Send and receive messages—This feature will allow users to send/receive messages to other users on the platform or to members of his network.
-   Connect with other users—Connected users would also be able to create their own “group” or “virtual firm” through invitations.
-   Create Events—Users of the website would also be able to create events on the websites, users can send invitation to other users to take part in these events and other users can accept or deny the request for the event.
-   Provider Only Forum—Users would be able to engage in open discussions with other users of the website with identifiable discussion threads.

Matching Module

To alleviate the needs of a client to have a thorough understanding of the various professional disciplines and qualifications in order to identify the appropriate service provider(s) for a project, the Matching Module 18 implements intelligent business rules for determining relevant service providers for the client. For example, the client, in his description of a proposed project, is required to input certain keywords or metadata in a designated field. The keywords or metadata are stored and indexed in the database, and will be used to match with service providers who also input the same or related keywords in their profiles or whose profiles include the same or related keywords. Likewise, the providers are required to input in a field keywords, parameters, metadata that are pertinent to their expertise, which data are stored in a database for later matching with the project description parameters entered by the client. The business rules may further require that if the project description mentions certain keywords, and which are matched with keywords stored in a provider's profiles, the provider will receive the client request and will determine whether and how to respond to such request within a given time period set by the client.

The Matching Module 18 will rank relevant service providers based on the number of matched parameters and provide the list of such providers to the client. The service provider with the greatest number of matched parameters will have the highest relevance ranking. In this way, the client can more intelligently sort through potential providers for a project.

In another embodiment, the matching module 18 matches the project description or requirements provided by the service requester (i.e. users) with the profiles of the service providers (i.e., other users) based on data content including, but not limited to, biographical information, credentials, messages, and files created by or otherwise associated with the service providers. Matching may be performed through keywords in the data content and/or metadata identifying the characteristics of the data content. The metadata may include descriptive information such as the name of the writer or creator of the data content, purpose of the data content, topic(s) associated with the data content, time and date of creation of the data content, and links or pointers to other writers or creators of topics similar to that of the data content, etc. The matching module analyzes or parses the project requirements or description for keywords and topics and analyzes the profiles of service providers by comparing the project keywords to their biographical information, credentials as well as metadata associated with the messages and files created by the service providers. Preferably, the matching module ranks the relevance of the service providers to the proposed project by the number of project requirement keywords that have been matched with the service providers' profiles (e.g., biographical information, credentials, and data content parsed by an Indexing Engine 36 in the manner described in connection with FIG. 6 below). Additional filtering or ranking criteria may be employed by identifying the data content such as messages and files sent or created by the service providers, which contain the keywords in the project requirements. The more data content of the service providers that may be matched with the project requirements, the higher ranked or more relevant the service providers are to the requested projects. For example, a project requirement seeking service providers with trial experience in biotech patent litigation in a federal district court in Tyler, Texas would be matched with providers whose profiles contain keywords “patent”, “litigation”, “biotech”, “Tyler”, and “Texas”. Furthermore, if the service providers have data content such as published articles or memos or are senders of messages that contain these keywords or have associated metadata containing these keywords then these service providers would be ranked higher than those service providers without such matching data content.

Metadata of data content may include topics of publications, author(s) of publications, names of publishers/journals, dates of publication, subject line of a message (e.g., email) or subject of a memorandum, etc. The metadata may be input by the creators or administrators of the data content. Optionally, the metadata may also be synthesized or otherwise generated by an analytic module such as the Indexing Engine 36 that parses a data content for keywords and generates related keywords or strings of keywords commonly associated with the parsed keyword, and/or include the context of such keyword usage for the purpose of facilitating contextual searching. For example, keywords such as “invention”, “obviousness”, “novelty”, and “patent eligibility” may be associated with the term “patentability”. Thus, a project requirement or description containing the term “patentability” would enable the matching module to match those profiles containing these synthesized or generated terms even though they may not contain the exact keyword “patentability” in their profiles. For another example, keywords used in an email may be accorded a lower relevance score than when the keywords are used in a publication authored by the user.
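The ranking described in this section can be sketched as follows. This is an added example, not code from the patent: the `Provider` class, the `SOURCE_WEIGHT` values and the `RELATED` table are assumptions chosen to illustrate keyword counting, related-term expansion and the lower weight given to e-mail content, and all sample profiles are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumed weights: the text only says e-mail keywords may score lower than
# keywords in a publication authored by the user.
SOURCE_WEIGHT = {"publication": 1.0, "memo": 0.75, "email": 0.5}

# Assumed related-term table of the kind an indexing engine could synthesize.
RELATED = {"patentability": ["invention", "obviousness", "novelty", "patent eligibility"]}


@dataclass
class Provider:
    name: str
    profile: str                                   # biography and credentials
    content: list = field(default_factory=list)    # (source type, text or metadata)


def _contains(text, term):
    # Whole-word, case-insensitive match so "patent" does not hit "patently".
    return re.search(r"\b" + re.escape(term) + r"\b", text, re.IGNORECASE) is not None


def _expand(keyword):
    # A project keyword also matches its synthesized related terms.
    return [keyword] + RELATED.get(keyword.lower(), [])


def _hits(text, keywords):
    return sum(1 for k in keywords if any(_contains(text, t) for t in _expand(k)))


def score(provider, keywords):
    """Return (profile keywords matched, weighted data-content score)."""
    matched = _hits(provider.profile, keywords)
    content_score = sum(SOURCE_WEIGHT.get(source, 0.0) * _hits(text, keywords)
                        for source, text in provider.content)
    return matched, content_score


def rank(providers, keywords):
    """Order providers by matched keywords, then by matching data content."""
    scored = [(p.name, *score(p, keywords)) for p in providers]
    scored = [s for s in scored if s[1] > 0 or s[2] > 0]   # drop non-matches
    return sorted(scored, key=lambda s: (s[1], s[2]), reverse=True)


# Constructed sample data based on the Tyler, Texas example in the text.
PROJECT_KEYWORDS = ["patent", "litigation", "biotech", "Tyler", "Texas"]
SAMPLE_PROVIDERS = [
    Provider("C", "Real estate attorney in Austin, Texas."),
    Provider("B", "Trial lawyer: biotech patent litigation, Tyler, Texas.",
             [("email", "Re: biotech patent litigation schedule")]),
    Provider("D", "Corporate governance counsel, Delaware."),
    Provider("A", "Trial lawyer: biotech patent litigation, Tyler, Texas.",
             [("publication", "Claim construction in biotech patent litigation")]),
]

if __name__ == "__main__":
    for name, matched, content_score in rank(SAMPLE_PROVIDERS, PROJECT_KEYWORDS):
        print(name, matched, content_score)
```

Providers A and B match all five profile keywords; A ranks first because its matching content is a publication rather than an e-mail.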

Collaboration Module

Secure Data Room

To facilitate collaboration among project team members, the Collaboration Module 20 provides virtual secure data rooms and online collaboration tools for use by the team members. The virtual data rooms may be secured using well-known security mechanisms such as firewalls, authentication, and encryption technology (e.g., S-HTTP specified in RFC 2660, or HTTPS). The secure data rooms may be configured by a Data Room File Server containing the contents of the files in the data rooms and a Database Server including data that relate to and define the attributes of the data room files and folders accessible by specific authorized users of the data room; for example, each authorized user could have the same or different viewing or editing rights to select files and folders in the data room. For another example, an authorized user may have rights to upload files to a specific folder but have only viewing rights to other folders or no viewing rights to any other folders in the data room. The owner of the data room will have administrative rights to tailor access to his data room. A presently preferred embodiment of an algorithm for sharing documents and data is later described in connection with FIGS. 2 through 4.

The secure data room is preferably configured to provide the following functionalities:

-   An owner of the data room is able to designate or invite other users on the platform to view, edit, upload and/or download files to one or more folders in the data room designated by the owner.
-   The owner is provided with statistics including who and when the files were viewed, edited, uploaded and/or downloaded.
-   The owner is able to create and name folders in the data room.
-   Authorized guests are able to view only the designated shared folders.
-   The data room is subdivided such that a first group of authorized users can view a first set of folders while another group can view another set of folders.
-   Ability to measure the amount of storage space used by the data room.
-   Ability to limit the amount of data used in the data room, and the amount of data transferred to and from the data room based on the owner's purchased usage threshold (e.g. membership level).
-   Ability for owner to automatically pay for the increased data and bandwidth usage.
-   Ability to handle transfers of large blocks of files.
-   Ability to handle large numbers of concurrent users in a scalable manner.
-   Ability to encrypt data for uploads and downloads.

Collaboration Tools

To further enhance productivity and collaboration by the project team members, the system may provide additional online application software (similar to Google Docs) which does not require users to upload and download documents. Provided there is sufficient bandwidth capacity, the use of such online software will be transparent to the users and the experience will be the same as if the application software is being run by the users' computing devices. In fact, the online software (or Software as a Service (SaaS)) or other collaboration application tools 24 is executed by the servers, and the user devices merely receive data from the servers, which is displayed by, for example, a web browser. In this way, the users collectively share the resources on the platform, which would result in lower license fees. More importantly, the data and applications are not tied to any user device thereby increasing the mobility of the users and enabling the users to access and share their data anywhere around the globe. An example of such collaboration application tool 24 is an electronic discovery software that may be selectively enabled by the user to process and analyze data (e.g. documents and emails produced during discovery phase in a lawsuit). A document conversion program (e.g., converting documents into PDFs) is another example of such collaboration application tool.

After completion of a project, each of the client and the provider will have an opportunity to rate his experience. Such ratings will be published to all users and will serve as a vehicle to increase the quality of both the clients and the providers. Providers will be incentivized to provide high quality service while the clients will also be encouraged to work fairly and efficiently with the providers. Consequently, the highly rated provider will be able to charge a higher price because of his higher quality of work while the highly rated client will be able to attract a higher number of bidders for its projects and thus be able to negotiate a lower price for the project.

Transaction Module

The Transaction Module 22 comprises a payment interface to transact payments through a generally recognized financial payment processing institution (“FPPI”) and an escrow deposit and release functionality manageable by a client, which is also tied to a project milestones management system. The payment interface includes an Application Programming Interface (API) for interfacing with the FPPI to communicate credits and debits to the user accounts. The escrow functional feature is a dashboard where a client can manage payments for the various agreed milestones for his one or more projects. The dashboard preferably displays to the service providers the various projects in progress, the agreed milestones and payments for each project, the identification of the providers for each project, and a clickable communication link that enables the client to send messages to the service providers and a message board(s) to receive messages from the providers.

The Transaction Module 22 may provide the following features:

-   Project Awarded—Provider will be notified once the project is awarded by client via email, SMS texting, or other previously specified method of communication.
-   Accept Project—Service provider will need to electronically accept the awarded project to complete the engagement. In case they feel the need to add team members, they can invite other providers on the platform to join the project after negotiation of revenue split.
-   Preview of work product—portions of the provider's work product may be selectively displayed by, for example, a Flash player, to the client for his approval and to mitigate the risk of unauthorized copying before payments. The provider may be provided with appropriate controls to determine which portion(s) of his work product may be shown to the client prior to payment of the milestone, and the platform will convert the file into Flash format for client's review. After review, the client may click a release-of-funds button on a client dashboard, or reject the work product, and provide further instructions to the provider.
-   Payment received—Once the payment is deposited into an escrow account, the provider will be notified or able to view the payment status on a provider dashboard prior to project commencement. Upon delivery of work product to the client, the corresponding milestone payment amount is released.
-   Revenue Split—Upon release of payment by the client for a completed milestone, the platform divides the payment according to previously agreed revenue split, if any, by the project team members and sends payments to the individual team members, thereby alleviating the need for the project team members to conduct post-payment negotiations with each other.
-   Feedback and comment—Client can rate the service providers (if they did not opt out) after project completion and give feedback and post comment to the client. Service providers can also rate the client (if client did not opt out) after completion of a project and give feedback and post comment to the client.

In another embodiment, the Transaction Module 22 includes an optional internal project module wherein project milestones are agreed to and managed by a project team formed by registered users and wherein payments for completed milestones are not required. Project acceptance by a registered user may or may not be required as the internal project feature provides a project leader the ability to assign his internal staff to the project for assistance. Nonetheless, the Transaction Module 22 allows the team members to track or monitor project budget as well as progress of the agreed project milestones during execution of the project. Progress of a project milestone may be monitored by, for example, when an assigned team member clicks or otherwise indicates to the inventive system that a milestone is completed and, in turn, the system displays such milestone status to other team members. The agreed project milestones may be subsequently modified by permitted team members such as the team leader or project coordinator of the project while the Transaction Module 22 maintains records or history of all modified milestones. Advantageously, the Transaction Module 22 allows a user in an enterprise environment to manage a project with internal staff (where payments are not required) and/or external team members whose services would require payments.

In a particularly preferred embodiment, the documents and messages on the inventive platform are encrypted and yet able to be shared with other users in a transparent and user-friendly manner. In other words, owners of documents and senders of messages to other users on the platform are ensured that their data are encrypted without requiring their further input such as supplying additional passphrases. Yet, their documents can be selectively shared with members of their teams, and messages are sent to their intended recipients—while the system encrypts and decrypts the data automatically in the background and without active intervention of the users.

FIG. 2 shows a portion of relational database 76 comprising tables for a user, the user's files, and the user's messages etc. Specifically, the tables include (1) a User table 50 wherein each user is assigned a unique identifier (e.g., User_ID) and which contains user information such as user name, date of joining the platform, and email address etc.; (2) Files table 52 wherein each of the user's files is assigned a unique identifier (e.g., File_ID) and includes file data such as file name and date of creation, etc.; (3) a File Sharing table 54 which maps a list of users (including the file owner and shared users of a file) who have access to a corresponding list of files; (4) a Message Inbox table 56 which contains all messages received by a user and includes data fields for identifying the message sender (e.g., ref_sender), the message receiver (e.g. ref_user) and the specific message (e.g., Message_In ID); (5) a Message Outbox table 58 for storing messages sent to other users; because the messages are contained in two different tables, each recipient can “delete” the message without affecting other users who have not “deleted” the same message; and (6) a Message Receiver table 60 for mapping each message to any user who has access to the message. Accordingly, through the use of the various parameters in this database, the system is able to track each user, the user's files, other users who were given access to the user's files by the user, and messages between the user and the recipients. As explained below, unique identifiers of a file or message and the user, in combination with a system defined passphrase, will be used as input parameters for encryption or decryption of the file or message, which will be shared with users who have been granted access by the owner of such file or message.

The system may use any standard encryption algorithm but preferably employs the Advanced Encryption Standard (AES), which comprises three block ciphers, AES-128, AES-192, and AES-256. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information. For most applications, AES-128 offers the most optimal performance without compromising the security of the encrypted data. There are various readily available program modules that provide AES encryption capability.

In the presently preferred system, user documents and messages are encoded or decoded using separate AES encryption modules (and thus separate processors) for greater efficiency as documents are stored in storage devices and processed by an application server, while messages are processed and stored in a database server.

FIG. 3 diagrammatically illustrates how the system enables sharing of encrypted files between two or more users. The system includes a Web Application server 70 for interfacing with Users A and B, the secure file storage device 72, the Encoder 74, and the Relational Database 76 containing the unique identifiers U_Id (identifying the users) and F_Id (identifying the files of each user). The system security key (S_Id) may be stored in either the Web Application or the Relational Database 76. The Encoder 74 comprises an encryption/decryption software application as explained above, coupled with an advantageous use of input parameters to create an efficient and secure key for encryption and decryption.

As described in the flow chart of FIG. 3, User A uploads one or more files to a storage device, which in turn notifies a Web Application 70 to task an Encoder to encrypt the uploaded files for User A. The Web Application 70 receives the unique identifiers of User A (e.g., User_ID) and the files (e.g., File_ID) and passes these parameters to the Encoder 74. The Encoder 74 retrieves the uploaded files based on User A's and the files' unique identifiers. Advantageously, without requiring User A to provide a security passphrase, the Encoder 74 proceeds to encrypt the uploaded files based on the File_ID, User_ID, and a system assigned key (e.g. S_ID), which may be randomly generated by the system or manually defined by the system administrator. Preferably, a proprietary function may be created to combine File_ID, User_ID and the S_ID to generate a single string of characters for input into a standard AES encoder. Preferably, the system assigned key or passphrase is further compressed by a proprietary algorithm so that it is not readily recognizable by a human in its stored form. In this manner, each file is encrypted with a unique combination of parameters thereby creating a robust encrypted data storage that would greatly minimize any security breach. Once completed, the Encoder 74 replaces the uploaded (and unencrypted) file with the encrypted file in the storage device 72. Assuming User A has subsequently shared this file with another user, User B, the system will permit User B to access the encrypted file of User A in a transparent manner. In contrast, conventional encryption methods would require User B to submit a passphrase unique to User A and will potentially require users to share passphrases of each other in order to collaborate. As shown, upon User B's request to download the shared file of User A, the Web Application 70 tasks the Encoder 72 to retrieve and decrypt the shared file. Upon completion, the decrypted file is allowed to be downloaded by User B.

To further delineate this secure collaboration process, FIG. 4 describes step-by-step an embodiment of this advantageous process. In Step 301, User A uploads files to File Storage 72 via HTTPS. In Step 303, File Storage 72 notifies Web Application 70 of User A's uploaded files. In Step 305, Web Application tasks Encoder 74 to encrypt User A's uploaded files. In Step 307, Encoder retrieves and encrypts the uploaded files of User A based on unique identifiers of each of the files and User A plus a system assigned key. In Step 309, Encoder replaces the uploaded files with their encrypted versions. In Step 311, when User B requests a file shared by User A, system checks if User B is authorized to access the file. If Yes, in Step 313, Web Application 70 tasks the Encoder 74 to retrieve and decrypt the encrypted file of User A based on the unique identifier of the requested file and User A, plus the system assigned key. In Step 315, after decryption is complete, the file is allowed to be downloaded by User B. If No, in Step 317, the Web Application takes no action.

To completely secure the users' data, it is also necessary to encrypt the messages between the users on the platform. FIG. 5 describes the steps of encrypting a user's messages for storage and decrypting the messages for the recipient of such messages. Initially, in Step 501, User A composes and sends a message to User B. In Step 503, Encoder 74 encrypts User A's message using the unique identifier of User A, the message, and a system assigned key. In Step 505, Encoder 70 stores a copy of the encrypted message for User A and sends an identical copy of the encrypted message to User B. In Step 507, when User B desires to read the message, the Encoder retrieves and decrypts the encoded message. In Step 509, after decryption is complete, the message is presented to User B.
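The key handling behind the FIG. 4 file flow and the FIG. 5 message flow, as an added example that is not part of the patent text or any implementation of it. It assumes HKDF-SHA256 (RFC 5869) in place of the unspecified proprietary combining function; `naive_combine`, `derive_key`, the `Encoder` class and the sample sharing table are hypothetical names and constructed data.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes; AES-128, the key size the text prefers


def naive_combine(user_id, file_id, s_id):
    """Plain concatenation into one string: field boundaries are lost."""
    return f"{user_id}{file_id}{s_id}"


def _field(value):
    """Length-prefix a field so (1, 23) and (12, 3) encode differently."""
    raw = str(value).encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def hkdf_sha256(secret, info, length=KEY_LEN):
    """HKDF extract-then-expand (RFC 5869) with the default all-zero salt."""
    zero_salt = b"\x00" * hashlib.sha256().digest_size
    prk = hmac.new(zero_salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(s_id, kind, owner_id, object_id):
    """Per-object key. `kind` keeps file keys and message keys apart even
    when a File_ID and a message ID happen to share a number."""
    info = _field(kind) + _field(owner_id) + _field(object_id)
    return hkdf_sha256(s_id, info)


class Encoder:
    """Hypothetical stand-in for Encoder 74: keys never leave the server side."""

    def __init__(self, s_id, file_sharing):
        self._s_id = s_id
        # file_id -> (owner_id, set of user_ids the owner shared with);
        # a constructed stand-in for File Sharing table 54.
        self._file_sharing = file_sharing

    def key_for_upload(self, owner_id, file_id):
        """Step 307: key for encrypting the owner's uploaded file."""
        return derive_key(self._s_id, "file", owner_id, file_id)

    def key_for_download(self, requester_id, file_id):
        """Steps 311-317: authorize first, then derive the owner's key."""
        row = self._file_sharing.get(file_id)
        if row is None:
            return None
        owner_id, shared_with = row
        if requester_id != owner_id and requester_id not in shared_with:
            return None  # Step 317: take no action
        # The key is bound to the owner's ID from the table, not the requester's.
        return derive_key(self._s_id, "file", owner_id, file_id)

    def key_for_message(self, sender_id, message_id):
        """Step 503: key for a stored message."""
        return derive_key(self._s_id, "message", sender_id, message_id)


# Constructed sample data: User A = 1, User B = 2, User C = 3.
S_ID = secrets.token_bytes(32)   # system assigned key, randomly generated
FILE_SHARING = {23: (1, {2})}    # file 23: owned by A, shared with B

if __name__ == "__main__":
    enc = Encoder(S_ID, FILE_SHARING)
    print("naive collision:", naive_combine(1, 23, "k") == naive_combine(12, 3, "k"))
    print("B gets A's key :", enc.key_for_download(2, 23) == enc.key_for_upload(1, 23))
    print("C is refused   :", enc.key_for_download(3, 23) is None)
```

The 16-byte result is what would be handed to the AES module. Because User_ID and File_ID are ordinary database values, the secrecy of every derived key rests on S_ID alone, which matters when choosing between the two S_ID storage locations the text allows.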

FIG. 6 shows an embodiment of the inventive system deployed in an enterprise environment where service requesters and service providers may form teams and secure data rooms for collaboration inside the firewalls operated and controlled by the enterprise. In this embodiment, the inventive system includes an Interface 16 comprising the registration module 14, connection module 16, collaboration module 20, and the matching module 18. The registration module 14 registers users of the inventive system upon sign up by the users or by an administrator of the system via an administration panel. The registration module 14 may be configured to allow the administrator to approve all new users upon signing up by the users or, optionally, to register new users and later confirmed by the newly registered users. The connection module 20 enables users to connect with each other and form their own networks of professional associates from which they can form work teams for projects. The matching module 18 receives requests and requirements of a project from service requesters and matches the project with the service providers based on the profiles of the service providers. The users may create User Groups 36 which may be social or professional network groups (e.g., golf interest group, bankruptcy law group, and cost accounting group) through which users may share information via discussions and documents. The User Groups 36 may be “public” or “private”. If “public”, any users may join the user group without requiring explicit permission from the group owner. If “private”, the group owner must approve each user before he or she is allowed to participate in the group.

The profiles of the users not only include biographical information and credentials (e.g., certificates) provided by the users but could also include data content associated with the users such as user messages 32 and Human Resources data 30. Advantageously, the inventive system comprises an Indexing Engine 36 that accesses stored user messages 32 and data (e.g., emails stored by the enterprise's mail servers (e.g., Microsoft Exchange servers), chat messages, voice mails, and text and/or audio-video files) and Human Resources data 30 (e.g., biographical information, prior jobs and accomplishment, prior and present job titles and descriptions) and parses and indexes the data content for keywords for later searching and/or matching by the Matching Module 18. Appropriate parsers may be implemented depending upon the type of data content. The indexed results are stored in the Index Database 38. To parse and index each data content, the Indexing Engine 36 determines (with the aid of, for example, optical character recognition tools for textual documents and/or parsers for emails and chat messages) whether keywords such as the name of any user is mentioned, tagged, or otherwise identifiable with the data content. If so, the Indexing Engine 36 associates the user with the data content and records the attributes/characteristics and significance of the data content in the Index Database 38. The data content may also be memoranda, published papers, deposition transcripts, emails, or chat messages. The system may also analyze the data content, identify topics associated with the data content, and store such topics and associated users in the Index Database 38. In one scenario, if the user is an author of the memoranda or published papers based on, for example, associated metadata or tags, then a higher rank is assigned to the user in relation to the topics or keywords mentioned in the documents. A lower rank would be assigned to the user if the user merely retains such documents in his folders or mentions the keyword(s) in passing in an email or chat message. However, if the user is cited as an authority (e.g., quoted in the memorandum or cited in the bibliography section of a publication) for a topic then the Indexing Engine 36 may assign the user the highest rank (e.g., a score of 10 out of a possible 10). For purpose of matching the service providers to a project, the system preferably ranks users (whose data content has been matched to keywords of the project requirement) higher than those users who do not have specific data content matched to the project requirement keywords.

Human resources or personnel data collected by the Human Resources department of the enterprise may also be analyzed and indexed by the inventive system. The personnel data typically include biographical information and other credentials of the staff of an enterprise. Thus, the users' profiles may be augmented by such personnel data even though they may not have been entered by the users during the registration process. From a user perspective, this automatic feature eliminates the need to enter duplicative data by the users thereby enhancing the user experience of the inventive system.

As shown in FIG. 6, the enterprise environment 14 also includes Collaboration and Software as a Service (SaaS) applications 34 (e.g., electronic discovery software), all of which are secured behind the enterprise firewalls, and accessible by the users of the inventive system.

Although the inventive system has been described in terms of the legal industry, it is contemplated that the system described herein is also applicable to other service providers in other industries such as, for example, accountants, consultants, engineers, designers, software developers, marketing professionals, financial service professionals, and other service professionals.

The invention is not limited by the embodiments described above which are presented as examples only but can be modified in various ways within the scope of protection defined by the appended patent claims.

Thus, while there have been shown and described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements and/or method steps shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.

What is claimed is:
 1. A computing platform for matching service providers and service requesters in a secure computing environment, comprising: (a) a data storage for receiving a set of data from a first user; (b) a web application module for associating a first unique identifier with the first user and a second unique identifier with the set of data of the first user, and for defining a security passphrase; (c) an encoder for encrypting the set of data based on the first unique identifier, the second unique identifier, and the security passphrase; (d) a connection module for connecting the first user to form a group of connected users based on the first user's invitations to other users and for defining a subgroup of connected users based on the first user's invitations to the connected users for sharing the set of data; (e) a collaboration module for facilitating the sharing of the encrypted set of data between the first user and the subgroup of connected users without requiring the members of the subgroup to input any of the first and second unique identifiers and the security passphrase in order to receive the set of data in unencrypted form, wherein the collaboration module retrieves the encrypted set of data based on the first unique identifier and the second unique identifier, and the encoder decrypts the encrypted set of data for the members of the subgroup based on the first unique identifier, the second unique identifier and the security passphrase; (f) an indexing engine for parsing data content of the users for keywords and associating the keywords of the data content with the users; and (g) a matching module for receiving requirements for a project from a second user who is a service requester and matching the requirements to one or more users who are service providers based on profiles of the users, the profiles including the parsed data content associated with the users.
 2. The platform of claim 1, wherein the parsed data content associated with one of the users includes at least one of biographical information, credentials, emails, voice mails, messages, memorandum and publications.
 3. The platform of claim 1, wherein the set of data represents one of documents and messages of the first user.
 4. The platform of claim 1, further comprising an index database for storing the keywords and associated users from the indexing engine.
 5. The platform of claim 1, further comprising a software program for generating a key by combining the first and second unique identifiers and the security passphrase, the key being subsequently used by the encoder to one of encrypt and decrypt the set of data.
 6. The platform of claim 4, further comprising a transaction module configured to settle payments between the matched one or more users and the second registered user based on and allow the matched one or more users to monitor progress of agreed project milestones.
 7. The platform of claim 4, further comprising a work product preview module configured to allow the service requester to preview portions of a work product prior to payment of an agreed project milestone associated with the work product.
 8. The platform of claim 7, wherein the work product preview module employs video streaming technology to display the portions of the work product.
 9. The platform of claim 1, wherein the encoder uses Advanced Encryption Standard (AES).
 10. The platform of claim 1, wherein the encoder uses AES-128.
 11. A computer implemented method for facilitating connection and collaboration of users including service providers and requesters in a secure computing environment, comprising the steps of: (a) associating, using a computer processor, a first unique identifier with a first user; (b) defining, using a computer processor, a security passphrase; (c) connecting, using a computer processor, the first user to other users to form a group based on the first user's invitations to the other users; (d) receiving, using a computer processor, from the first user a set of data; (e) associating, using a computer processor, a second unique identifier with the set of data; (f) encrypting, using a computer processor, the set of data using the first and second unique identifiers and the security passphrase; (g) sharing, using a computer processor, by the first user the encrypted set of data with select members of the group without requiring the select members to input any of the first and second unique identifiers or the security passphrase to receive an unencrypted form of the set of data. (h) retrieving, using a computer processor, the encrypted set of data using the first and second unique identifiers, and decrypting the encrypted set of data based on the first and second unique identifiers and the security passphrase; (i) receiving, using a computer processor, requirements for a project from a second user who is a service requester; (j) parsing, using a computer processor, data content of the users for keywords and associating the keywords of the parsed data content with the profiles of the users; and (k) matching, using a computer processor, the requirements to one or more users who are service providers based on profiles of the users, the profiles including the parsed data content of the users.
 12. The method of claim 11, wherein the parsed data content associated with one of the users includes at least one of biographical information, credentials, emails, voice mails, messages, memorandum and publications.
 13. The method of claim 11, wherein the set of data represents one of messages and documents of the first user.
 14. The method of claim 12, further comprising the step of combining the first and second unique identifiers and the security passphrase to generate a key and wherein the steps of encrypting and decrypting uses said key.
 15. The method of claim 12, further comprising the step of ranking users whose parsed data content has been matched with keywords of the requirements of the project.
 16. The method of claim 15, further comprising the step of settling payments between the matched one or more users based on completion of previously agreed milestones.
 17. The method of claim 16, further comprising the step of allowing the service requester to preview a portion of a work product of the matched one or more users prior to payment of a previously agreed milestone associated with the work product.
 18. The method of claim 17, wherein the step of previewing work product uses video streaming technology.
 19. The method of claim 11, wherein the step of encrypting uses Advanced Encryption Standard (AES).
 20. The method of claim 12, further comprising the step of ranking the service providers based on their profiles, the profiles including the parsed data content associated with the service providers.